Re: Sid SELinux packages are now working
On Wed, 9 May 2007 13:00:14 +0200, Gabor Gombas <firstname.lastname@example.org> said:
> Well, I don't know much about SELinux (yet) but how about storing the
> modified module at a different location (say under
> /var/selinux/local-policy)? That way the update script can be taught
> to simply ignore the shipped module if a customized module with the
> same name exists, and use your customized version instead. No need to
> play with version numbers, no need to check if the file was changed.

Sure. The problem is when your policy .deb is upgraded, and the
postinst tries to refresh the installed policy (perhaps using
debconf to ask you). At this point, I know how to look up the version
of the policy module foo that is installed (and is also present in
/etc/selinux/<policy-type>/modules/active/modules/foo.pp). But I do not
know the version of /usr/share/selinux/<policy-type>/foo.pp.

I can, of course, determine that these two files are different
/usr/share/selinux/<policy-type>/foo.pp -- but Erich wants me to be
version aware, and that is the problem.

I am not sure I can see how we can easily change the location of
the policy store (/etc/selinux/<policy-type>/modules/active/modules),
if you think the store location should be changed.

"If you are patient in one moment of anger, you will escape a hundred
days of sorrow." -Chinese Proverb
Manoj Srivastava <email@example.com> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C